CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 3 days ago•5 views

Apache Airflow security vulnerabilities

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. However, Apache Airflow has security vulnerabilities. The...

7.5CVSS5.8AI score0.00061EPSS

OSV•added 6 days ago•3 views

GHSA-C2M8-4GCG-V22G praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}

Summary Type: Vertical privilege escalation. The PATCH /workspaces/workspaceid/members/userid endpoint is gated by requireworkspacememberworkspaceid, which defaults to minrole="member" and is never overridden by the route. The handler then calls MemberService.updateroleworkspaceid, userid,...

9.6CVSS5.8AI score

Exploits0References2

Tenable Nessus•added 6 days ago•10 views

Linux Distros Unpatched Vulnerability : CVE-2026-6713

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain...

Vulnrichment•added last week•3 views

Exploits0References2

CVE-2026-42400 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user can send a specially crafted compressed request payload that is processed prior to authorization checks, causing excessive memory and CPU resource consumptio...

6.5CVSS5.8AI score0.00047EPSS

Cvelist•added last week•25 views

CVE-2026-42400 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

6.5CVSS0.00047EPSS

OSV•added 2026/05/27 9:12 p.m.•2 views

GHSA-6439-2F28-8P8Q Synfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]

Description Symfony's IsGranted'...', IsSignatureValid, and IsCsrfTokenValid... attributes allow you to define a methods: ... argument to only enforce these checks for the listed HTTP methods and skip them otherwise. E.g. an attribute defining methods: 'GET' would be ignored for a HEAD request. O...

8.6CVSS5.8AI score

Exploits0References7

NVD•added 2026/05/27 7:16 p.m.•7 views

CVE-2026-6713

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauthorized user to enumerate private projects due to incorrect authorization checks...

5.3CVSS0.00019EPSS

NVD•added 2026/05/27 7:16 p.m.•6 views

CVE-2026-2601

GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to access sensitive deployment data on projects due to...

4.3CVSS0.00011EPSS

ATTACKERKB•added 2026/05/27 5:55 p.m.•5 views

CVE-2026-2601

4.3CVSS5.8AI score0.00011EPSS

Exploits0References4Affected Software1

ATTACKERKB•added 2026/05/27 5:55 p.m.•4 views

CVE-2026-6713

Exploits0References4Affected Software1

CVE•added 2026/05/27 5:55 p.m.•67 views

CVE-2026-6713

GitLab CVE-2026-6713 affects GitLab CE/EE versions: 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1. The issue stems from incorrect authorization checks that could allow an unauthorized user to enumerate private projects. Remediations have been released: GitLab 18.10.7, 18.11.4,...

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/27 5:55 p.m.•4 views

CVE-2026-6713 Incorrect Authorization in GitLab

Vulnrichment•added 2026/05/27 5:18 p.m.•7 views

CVE-2026-45081 Frappe HR: Permission Bypass in HRMS Leave Details API

Frappe HR is an open-source human resources management solution HRMS. Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...

6.5CVSS5.8AI score0.00032EPSS

CVE•added 2026/05/27 6:46 a.m.•8 views

CVE-2026-3895

CVE-2026-3895 affects the WordPress plugin group: WPBakery Page Builder Addons by Livemesh. The vulnerability is a Stored Cross-Site Scripting via the lvca_admin_ajax AJAX action in all versions up to and including 3.9.4, caused by missing authorization checks and insufficient input sanitization....

6.4CVSS5.8AI score0.0003EPSS

EUVD•added 2026/05/27 6:46 a.m.•8 views

EUVD-2026-32107

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvcaadminajax AJAX action in all versions up to, and including, 3.9.4 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce b...

6.4CVSS5.8AI score0.0003EPSS

EUVD•added 2026/05/27 6:46 a.m.•5 views

EUVD-2026-32102

The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lsowadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but does not...

6.4CVSS5.8AI score0.0003EPSS

Cvelist•added 2026/05/27 6:46 a.m.•22 views

CVE-2026-3896 Livemesh SiteOrigin Widgets <= 3.9.2 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4CVSS0.0003EPSS